Reputation: 1
Kafka authentication with SCRAM-SHA-512 and KRaft mode doesn't work. My Docker Compose file looks like this:
services:
  kafka-1:
    image: confluentinc/cp-kafka:7.7.1
    ports:
      - '9092:9092'
    environment:
      CLUSTER_ID: apCvyf6zusVSAvyqGAh7AZ
      KAFKA_NODE_ID: 1
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: 'CONTROLLER:SASL_PLAINTEXT,CLIENT:SASL_PLAINTEXT,BROKER:SASL_PLAINTEXT'
      KAFKA_ADVERTISED_LISTENERS: 'CLIENT://kafka-1:29092,BROKER://localhost:9092'
      KAFKA_PROCESS_ROLES: 'broker,controller'
      KAFKA_CONTROLLER_QUORUM_VOTERS: '1@kafka-1:9093'
      KAFKA_LISTENERS: 'CLIENT://0.0.0.0:29092,CONTROLLER://0.0.0.0:9093,BROKER://0.0.0.0:9092'
      KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_SASL_MECHANISM_CONTROLLER_PROTOCOL: SCRAM-SHA-512
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: SCRAM-SHA-512
      KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer
      KAFKA_SUPER_USERS: 'User:admin'
      KAFKA_OPTS: '-Djava.security.auth.login.config=/etc/kafka/kafka_jaas.conf'
    volumes:
      - ./config/kafka_jaas.conf:/etc/kafka/kafka_jaas.conf
  kafka-ui:
    image: provectuslabs/kafka-ui:latest
    ports:
      - 1111:1111
    environment:
      SERVER_PORT: 1111
      KAFKA_CLUSTERS_0_NAME: local
      KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: kafka-1:29092
      KAFKA_CLUSTERS_0_ZOOKEEPER: zookeeper:2181
      KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: SASL_PLAINTEXT
      KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM: SCRAM-SHA-512
      KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG: 'org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="admin_password";'
And the JAAS file:
KafkaServer {
    org.apache.kafka.common.security.scram.ScramLoginModule required
    username="admin"
    password="admin_password"
    user_admin="admin_password"
    user_service="service_password";
};
This is the error I get:
kafka-1_1 | [2024-10-28 13:42:04,650] ERROR [controller-1-to-controller-registration-channel-manager]: Request ControllerRegistrationRequestData(controllerId=1, incarnationId=NZkn4xOFS42Kg0RhscJHVw, zkMigrationReady=false, listeners=[Listener(name='CONTROLLER', host='0.0.0.0', port=9093, securityProtocol=2)], features=[Feature(name='metadata.version', minSupportedVersion=1, maxSupportedVersion=19)]) failed due to authentication error with controller (kafka.server.NodeToControllerRequestThread)
kafka-1_1 | org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512
kafka-1_1 | [2024-10-28 13:42:04,650] ERROR [ControllerRegistrationManager id=1 incarnation=NZkn4xOFS42Kg0RhscJHVw] RegistrationResponseHandler: authentication error (kafka.server.ControllerRegistrationManager)
kafka-1_1 | org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512
If I change the SASL mechanism to PLAIN, everything works?
Upvotes: 0
Views: 166
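
As an added example (not part of the original post and not Kafka's code), this sketch follows RFC 5802 to show what a SCRAM-SHA-512 server checks: the client's proof is verified against a per-user record of salt, iteration count, StoredKey and ServerKey, and a user with no such record is rejected whatever password is sent. The function names, the in-memory `store` and the sample users are constructed for illustration; in Kafka these records are created with the SCRAM credential tooling rather than read from `user_<name>` JAAS options, which are a PLAIN login module convention.

```python
import base64
import hashlib
import hmac
import os

H = hashlib.sha512  # hash function behind SCRAM-SHA-512


def _keys(password: str, salt: bytes, iterations: int):
    """RFC 5802: SaltedPassword -> (ClientKey, StoredKey, ServerKey)."""
    salted = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", H).digest()
    server_key = hmac.new(salted, b"Server Key", H).digest()
    return client_key, H(client_key).digest(), server_key


def make_credential(password: str, iterations: int = 4096) -> dict:
    """The per-user record the server must hold before any login can succeed."""
    salt = os.urandom(16)
    _, stored_key, server_key = _keys(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": stored_key, "server_key": server_key}


def login(store: dict, user: str, password: str) -> bool:
    """Run one SCRAM exchange in-process; True if the server accepts the proof."""
    cred = store.get(user)
    if cred is None:
        return False  # no SCRAM record for this user: rejected before any proof
    # Client side: derive the proof from the password and the server's salt.
    cnonce, snonce = os.urandom(12).hex(), os.urandom(12).hex()
    salt_b64 = base64.b64encode(cred["salt"]).decode()
    auth_message = (f"n={user},r={cnonce},r={cnonce}{snonce},s={salt_b64},"
                    f"i={cred['iterations']},c=biws,r={cnonce}{snonce}").encode()
    client_key, stored_key, _ = _keys(password, cred["salt"], cred["iterations"])
    signature = hmac.new(stored_key, auth_message, H).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, signature))
    # Server side: recover ClientKey from the proof using only the stored record.
    expected_sig = hmac.new(cred["stored_key"], auth_message, H).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, expected_sig))
    return hmac.compare_digest(H(recovered).digest(), cred["stored_key"])


# Constructed sample: "service" has a record; "admin" was never registered.
store = {"service": make_credential("service_password")}

if __name__ == "__main__":
    print(login(store, "service", "service_password"))  # True
    print(login(store, "service", "wrong_password"))    # False
    print(login(store, "admin", "admin_password"))      # False
```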